From 6513755670892983db88a6633b8c1ea6019c03d1 Mon Sep 17 00:00:00 2001
From: Ben Sima <ben@bsima.me>
Date: Fri, 15 Nov 2024 14:55:37 -0500
Subject: Re-namespace some stuff to Omni

I was getting confused about what is a product and what is internal
infrastructure; I think it is good to keep those things separate. So I moved a
bunch of stuff to an Omni namespace, actually most stuff went there. Only things
that are explicitly external products are still in the Biz namespace.
---
 Omni/Users.nix | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 Omni/Users.nix

(limited to 'Omni/Users.nix')

diff --git a/Omni/Users.nix b/Omni/Users.nix
new file mode 100644
index 0000000..b214704
--- /dev/null
+++ b/Omni/Users.nix
@@ -0,0 +1,60 @@
+{ config, lib, ... }:
+
+let
+  readKeys = k:
+    lib.trivial.pipe k [
+      builtins.readFile
+      (lib.strings.splitString "\n")
+      (lib.filter (s: s != ""))
+    ];
+in {
+  users.groups = {
+    # group for publishing web data
+    "www-data" = { };
+  };
+  users.motd = ''
+
+    welcome to the simatime network!
+    your host is '${config.networking.hostName}'
+
+  '';
+  users.mutableUsers = false;
+  users.users = {
+    # bots
+    #
+    deploy = {
+      isNormalUser = true;
+      home = "/home/deploy";
+      openssh.authorizedKeys.keys = readKeys ./Keys/Deploy.pub;
+      extraGroups = [ "wheel" ];
+    };
+    #
+    # humans
+    #
+    root.openssh.authorizedKeys.keys = readKeys ./Keys/Ben.pub;
+
+    ben = {
+      description = "Ben Sima";
+      isNormalUser = true;
+      home = "/home/ben";
+      openssh.authorizedKeys.keys = readKeys ./Keys/Ben.pub;
+      extraGroups = [ "wheel" "docker" "bitcoind-mainnet" "git" ];
+      hashedPassword =
+        "$6$SGhdoRB6DhWe$elW8RQE1ebe8JKf1ALW8jGZTPCyn2rpq/0J8MV/A9y8qFMEhA.Z2eiexMgptohZAK5kcGOc6HIUgNzJqnDUvY.";
+    };
+    dre = {
+      description = "Andres Ulloa";
+      isNormalUser = true;
+      home = "/home/dre";
+      openssh.authorizedKeys.keys = readKeys ./Keys/Dre.pub;
+      extraGroups = [ "wheel" "git" ];
+    };
+    nick = {
+      description = "Nick Sima";
+      isNormalUser = true;
+      home = "/home/nick";
+      openssh.authorizedKeys.keys = readKeys ./Keys/Nick.pub;
+      extraGroups = [ "docker" "git" ];
+    };
+  };
+}
-- 
cgit v1.2.3